Encryption

Europol Chief Says Big Tech Has 'Responsibility' To Unlock Encrypted Messages (ft.com) 80

Technology giants must do more to co-operate with law enforcement on encryption or they risk threatening European democracy, according to the head of Europol, as the agency gears up to renew pressure on companies at the World Economic Forum in Davos this week. From a report: Catherine De Bolle told the Financial Times she will meet Big Tech groups in the Swiss mountain resort to discuss the matter, claiming that companies had a "social responsibility" to give the police access to encrypted messages that are used by criminals to remain anonymous. "Anonymity is not a fundamental right," said the EU law enforcement agency's executive director.

"When we have a search warrant and we are in front of a house and the door is locked, and you know that the criminal is inside of the house, the population will not accept that you cannot enter." In a digital environment, the police needed to be able to decode these messages to fight crime, she added. "You will not be able to enforce democracy [without it]."

Social Networks

TikTok Goes Offline in US - Then Comes Back Online After Trump Promises 90-Day Reprieve (apnews.com) 109

CNN reports: TikTok appears to be coming back online just hours after President-elect Donald Trump pledged Sunday that he would sign an executive order Monday that aims to restore the banned app. Around 12 hours after first shutting itself down, U.S. users began to have access to TikTok on a web browser and in the app, although the page still showed a warning about the shutdown.
The brief outage was "the first time in history the U.S. government has outlawed a widely popular social media network," reports NPR. Apple and Google removed TikTok from their app stores. (And Apple also removed Lemon8).

The incoming president announced his pending executive order "in a post on his Truth Social account," reports the Associated Press, "as millions of TikTok users in the U.S. awoke to discover they could no longer access the TikTok app or platform."

But two Republican Senators said Sunday that the incoming president doesn't have the power to pause the TikTok ban. Tom Cotton of Arkansas and Peter Ricketts of Nebraska posted on X.com that "Now that the law has taken effect, there's no legal basis for any kind of 'extension' of its effective date. For TikTok to come back online in the future, ByteDance must agree to a sale... severing all ties between TikTok and Communist China. Only then will Americans be protected from the grave threat posed to their privacy and security by a communist-controlled TikTok."

The Associated Press reports that the incoming president offered this rationale for the reprieve in his Truth Social post. "Americans deserve to see our exciting Inauguration on Monday, as well as other events and conversations." The law gives the sitting president authority to grant a 90-day extension if a viable sale is underway. Although investors made a few offers, ByteDance previously said it would not sell. In his post on Sunday, Trump said he "would like the United States to have a 50% ownership position in a joint venture," but it was not immediately clear if he was referring to the government or an American company...

"A law banning TikTok has been enacted in the U.S.," a pop-up message informed users who opened the TikTok app and tried to scroll through videos on Saturday night. "Unfortunately that means you can't use TikTok for now." The service interruption TikTok instituted hours earlier caught most users by surprise. Experts had said the law as written did not require TikTok to take down its platform, only for app stores to remove it. Current users had been expected to continue to have access to videos until the app stopped working due to a lack of updates... "We are fortunate that President Trump has indicated that he will work with us on a solution to reinstate TikTok once he takes office. Please stay tuned," read the pop-up message...

Apple said the apps would remain on the devices of people who already had them installed, but in-app purchases and new subscriptions no longer were possible and that operating updates to iPhones and iPads might affect the apps' performance.

In the nine months since Congress passed the sale-or-ban law, no clear buyers emerged, and ByteDance publicly insisted it would not sell TikTok. But Trump said he hoped his administration could facilitate a deal to "save" the app. TikTok CEO Shou Chew is expected to attend Trump's inauguration with a prime seating location. Chew posted a video late Saturday thanking Trump for his commitment to work with the company to keep the app available in the U.S. and taking a "strong stand for the First Amendment and against arbitrary censorship...."

On Saturday, artificial intelligence startup Perplexity AI submitted a proposal to ByteDance to create a new entity that merges Perplexity with TikTok's U.S. business, according to a person familiar with the matter...

The article adds that TikTok "does not operate in China, where ByteDance instead offers Douyin, the Chinese sibling of TikTok that follows Beijing's strict censorship rules."

Sunday morning Republican House speaker Mike Johnson offered his understanding of Trump's planned executive order, according to Politico. Speaking on Meet the Press, Johnson said "the way we read that is that he's going to try to force along a true divestiture, changing of hands, the ownership.

"It's not the platform that members of Congress are concerned about. It's the Chinese Communist Party and their manipulation of the algorithms."

Thanks to long-time Slashdot reader ArchieBunker for sharing the news.

China

On Eve of TikTok Ban, Chinese App RedNote Surges in Popularity, Delighting Chinese State Media (go.com) 118

Chinese social-networking site RedNote became the #1 most-downloaded app in America, reports the Associated Press, with some new users considering it a way to protest America's possible TikTok ban.

So what happened next? They were met with surprise, curiosity and in-jokes on Xiaohongshu — literally, "Little Red Book" — whose users saw English-language posts take over feeds almost overnight. Americans introduced themselves with hashtag TikTok refugees, ask me anything attitude and posting photos of their pets to pay their hosts' "cat tax." Parents swapped stories about raising kids and Swifties from both countries, of course, quickly found each other. It's a rare moment of direct contact between two online worlds that are usually kept apart by language, corporate boundaries, and China's strict system of online censorship that blocks access to nearly all international media and social media services... Xiaohongshu's 300 million monthly active users are overwhelmingly Chinese — so much so that parts of its interface have no English-language version... [Press reports suggest about a million of TikTok's 170 million users tried switching to RedNote this week...]

On the platform, two versions of the TikTok refugee hashtag have over 24 million posts, with related posts appearing at the top of many users' feeds. A large number of American users say they've received a warm welcome from the community, with #TikTokrefugee. "Welcome the global villagers" remains the top one trending topic on Xiaohongshu, with 8.9 million views on Thursday. Users from both countries are comparing notes on grocery prices, rent, health insurance, medical bills and the relationship between mother-in-law and daughter-in-law. Parents talk about what the kids learn in school in two countries. Some have already joined book clubs and are building up a community. American users asked how Chinese see the LGBTQ community and got warned that it was among sensitive topics, Chinese users taught Americans what are sensitive topics and key words to avoid censorship on the app. Chinese students pulled out their English homework, looking for help.

Chinese state media, which have long dismissed U.S. allegations against TikTok, have welcomed the protest against the ban. People's Daily [the official newspaper of the Central Committee of the Chinese Communist Party] said in an op-ed about TikTok refugees on Thursday that the TikTok refugees found a "new home," and "openness, communication, and mutual learning are the unchanging themes of mankind and the heartfelt desires of people from all countries."

Making the most of the moment is Jianlu Bi, who is apparently a senior content producer for Beijing's state-run China Global Television Network, which Wikipedia describes as "under the control of the Central Propaganda Department of the Chinese Communist Party". Friday Jianlu Bi crafted an article claiming "surprising" and "stark contrasts" were revealed: While the United States is often portrayed as a land of limitless opportunity, many American netizens have shared their struggles with high living costs, particularly in urban areas. One common theme is the exorbitant cost of healthcare. "I just got a simple bill for a routine checkup and it was over $500," shared one American user. "I can't imagine what a serious illness would cost! I feel like I'm constantly on the brink of financial ruin due to medical expenses." In contrast, Chinese netizens often express surprise at the affordability of many goods and services in their home country. For instance, the cost of housing, particularly in smaller cities, is often significantly lower in China compared to the United States.... This disparity is often attributed to factors such as government policies, economic development, and cultural differences...

Traditional media narratives often present simplified and often biased portrayals of China and the United States. For example, the U.S. is often portrayed as a land of opportunity with limitless possibilities, while China is sometimes depicted as a country with limited freedoms. Xiaohongshu, on the other hand, provides a platform for ordinary people to share their authentic experiences and perspectives... A Chinese student studying in the U.S. shared, "I was surprised to learn that many of my classmates are working part-time jobs to cover their tuition and living expenses. This is very different from the image of affluent American students I had in my mind. It really opened my eyes to the realities of life for many young people in the U.S."

"As social media continues to evolve, these platforms will undoubtedly play an increasingly important role in shaping global perceptions..." the article concludes.

Article suggested by long-time Slashdot reader hackingbear.

Printer

Proposed New York Law Could Require Background Checks Before Buying 3D Printers (news10.com) 225

A new law is being considered by New York's state legislature, reports a local news outlet, which "if passed, will require anyone buying a 3D printer to pass a background check. If you can't legally own a firearm, you won't be able to buy one of these printers..." It is illegal to print most gun parts in New York. Attorney Greg Rinckey believes the proposal is an overreach. "I think this is also gonna face some constitutional problems. I mean, it really comes down to a legal parsing of what are you printing and at what point is it technically a firearm...?"

[Ascent Fabrication owner Joe] Fairley thinks lawmakers should shift their focus to those partial gun kits that produce the metal firing components. Another possibility is to require printer manufacturers to install software that prevents gun parts from being printed. "They would need to agree on some algorithm to look at the part and say nope, that is a gun component, you're not allowed to print that part somehow," said Fairley. "But I feel like it would be extremely difficult to get to that point."

AI

Arrested by AI: When Police Ignored Standards After AI Facial-Recognition Matches (msn.com) 55

A county transit police detective fed a poor-quality image to an AI-powered facial recognition program, remembers the Washington Post, leading to the arrest of "Christopher Gatlin, a 29-year-old father of four who had no apparent ties to the crime scene nor a history of violent offenses." He was unable to post the $75,000 cash bond required, and "jailed for a crime he says he didn't commit, it would take Gatlin more than two years to clear his name." A Washington Post investigation into police use of facial recognition software found that law enforcement agencies across the nation are using the artificial intelligence tools in a way they were never intended to be used: as a shortcut to finding and arresting suspects without other evidence... The Post reviewed documents from 23 police departments where detailed records about facial recognition use are available and found that 15 departments spanning 12 states arrested suspects identified through AI matches without any independent evidence connecting them to the crime — in most cases contradicting their own internal policies requiring officers to corroborate all leads found through AI. Some law enforcement officers using the technology appeared to abandon traditional policing standards and treat software suggestions as facts, The Post found. One police report referred to an uncorroborated AI result as a "100% match." Another said police used the software to "immediately and unquestionably" identify a suspected thief.

Gatlin is one of at least eight people wrongfully arrested in the United States after being identified through facial recognition... All of the cases were eventually dismissed. Police probably could have eliminated most of the people as suspects before their arrest through basic police work, such as checking alibis, comparing tattoos, or, in one case, following DNA and fingerprint evidence left at the scene.

Some statistics from the article about the eight wrongfully-arrested people:
  • In six cases police failed to check alibis
  • In two cases police ignored evidence that contradicted their theory
  • In five cases police failed to collect key pieces of evidence
  • In three cases police ignored suspects' physical characteristics
  • In six cases police relied on problematic witness statements

The article provides two examples of police departments forced to pay $300,000 settlements after wrongful arrests caused by AI mismatches. But "In interviews with The Post, all eight people known to have been wrongly arrested said the experience had left permanent scars: lost jobs, damaged relationships, missed payments on car and home loans. Some said they had to send their children to counseling to work through the trauma of watching their mother or father get arrested on the front lawn.

"Most said they also developed a fear of police."


Social Networks

RedNote May Wall Off 'TikTok Refugees' To Prevent US Influence On Chinese Users (arstechnica.com) 89

Longtime Slashdot reader tlhIngan writes: In what is perhaps the greatest irony ever, the operators of RedNote (known as Xiaohongshu) have decided to "wall off" US TikTok refugees fleeing to its service as the TikTok ban looms. The reason? The Chinese Communist Party (CCP) wants to prevent American influence from spreading to Chinese citizens. The ban is expected to be in place next week, while many believe the influx of Americans to be temporary and just a reaction to the TikTok ban to move to another Chinese app. Many Chinese users are not happy with the influx as having "ruined" their ability to connect with "Chinese culture, Chinese values and Chinese news."

Security

FBI Warned Agents It Believes Phone Logs Hacked Last Year (yahoo.com) 20

An anonymous reader shares a report: FBI leaders have warned that they believe hackers who broke into AT&T's system last year stole months of their agents' call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.

FBI officials told agents across the country that details about their use on the telecom carrier's network were believed to be among the billions of records stolen, according to the document and interviews with a current and a former law enforcement official. They asked not to be named to discuss sensitive information. Data from all FBI devices under the bureau's AT&T service for public safety agencies were presumed taken, the document shows.

The cache of hacked AT&T records didn't reveal the substance of communications but, according to the document, could link investigators to their secret sources. The data was believed to include agents' mobile phone numbers and the numbers with which they called and texted, the document shows. Records for calls and texts that weren't on the AT&T network, such as through encrypted messaging apps, weren't part of the stolen data.

United States

Supreme Court Upholds Law Banning TikTok If It's Not Sold By Its Chinese Parent Company (apnews.com) 132

An anonymous reader shares a report: The Supreme Court on Friday unanimously upheld the federal law banning TikTok beginning Sunday unless it's sold by its China-based parent company, holding that the risk to national security posed by its ties to China overcomes concerns about limiting speech by the app or its 170 million users in the United States.

A sale does not appear imminent and, although experts have said the app will not disappear from existing users' phones once the law takes effect on Jan. 19, new users won't be able to download it and updates won't be available. That will eventually render the app unworkable, the Justice Department has said in court filings.

Social Networks

Indonesia Plans Minimum Age For Social Media Use 19

Indonesia plans to issue a regulation to set a minimum age for users of social media, a move aimed at protecting children, its communications minister has said. From a report: The plan follows Australia's decision to ban children under 16 from accessing social media, with fines for tech giants from Instagram and Facebook owner Meta to TikTok if they failed to prevent children accessing their platforms. Minister Meutya Hafid did not say what the minimum age would be in Indonesia. Her remarks, made late on Jan 13, came after she discussed the plan with President Prabowo Subianto.

Google

Google Won't Add Fact Checks Despite New EU Law (axios.com) 185

According to Axios, Google has told the EU it will not add fact checks to search results and YouTube videos or use them in ranking or removing content, despite the requirements of a new EU law. From the report: In a letter written to Renate Nikolay, the deputy director general under the content and technology arm at the European Commission, Google's global affairs president Kent Walker said the fact-checking integration required by the Commission's new Disinformation Code of Practice "simply isn't appropriate or effective for our services" and said Google won't commit to it. The code would require Google to incorporate fact-check results alongside Google's search results and YouTube videos. It would also force Google to build fact-checking into its ranking systems and algorithms.

Walker said Google's current approach to content moderation works and pointed to successful content moderation during last year's "unprecedented cycle of global elections" as proof. He said a new feature added to YouTube last year that enables some users to add contextual notes to videos "has significant potential." (That program is similar to X's Community Notes feature, as well as a new program announced by Meta last week.)

The EU's Code of Practice on Disinformation, introduced in 2022, includes several voluntary commitments that tech firms and private companies, including fact-checking organizations, are expected to deliver on. The Code, originally created in 2018, predates the EU's new content moderation law, the Digital Services Act (DSA), which went into effect in 2022.

The Commission has held private discussions over the past year with tech companies, urging them to convert the voluntary measures into an official code of conduct under the DSA. Walker said in his letter Thursday that Google had already told the Commission that it didn't plan to comply. Google will "pull out of all fact-checking commitments in the Code before it becomes a DSA Code of Conduct," he wrote. He said Google will continue to invest in improvements to its current content moderation practices, which focus on providing people with more information about their search results through features like SynthID watermarking and AI disclosures on YouTube.

AT&T

AT&T Kills Home Internet Service In New York Over Law Requiring $15 Plans (arstechnica.com) 134

Ars Technica's Jon Brodkin reports: AT&T has stopped offering its 5G home Internet service in New York instead of complying with a new state law that requires ISPs to offer $15 or $20 plans to people with low incomes. New York started enforcing its Affordable Broadband Act yesterday after a legal battle of nearly four years. [...] The law requires ISPs with over 20,000 customers in New York to offer $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The plans only have to be offered to households that meet income eligibility requirements, such as qualifying for the National School Lunch Program, Supplemental Nutrition Assistance Program, or Medicaid. [...]

Ending home Internet service in New York is relatively simple for AT&T because it is outside the 21-state wireline territory in which the telco offers fiber and DSL home Internet service. "AT&T Internet Air is currently available only in select areas and where AT&T Fiber is not available. New York is outside of our wireline service footprint, so we do not have other home Internet options available in the state," the company said. AT&T will continue offering its 4G and 5G mobile service in New York, as the state law only affects home Internet service. People with smartphones or other mobile devices connected to the AT&T wireless network should thus see no change.

Existing New York-based users of AT&T Internet Air can only keep it for 45 days and won't be charged during that time, AT&T said. "During this transition, customers will be able to keep their existing AT&T Internet Air service for up to 45 days, at no charge, as they find other options for broadband. We will work closely with our customers throughout this transition," AT&T said. Residential users will be sent "a recovery kit with instructions on how to return their AIA equipment, while business customers can keep any device they purchased at no charge," AT&T said.

Nintendo

Nintendo Admits Emulators Are Legal Despite Crackdown (androidauthority.com) 32

Nintendo's top intellectual property lawyer has acknowledged that video game emulators are technically legal, even as the company continues to shut down popular emulation projects worldwide. Speaking at the Tokyo eSports Festa, Koji Nishiura, deputy general manager of Nintendo's intellectual property department, said emulators violate the law only when they bypass encryption, copy copyrighted console programs, or direct users to pirated material. The statement comes after Nintendo forced the closure of several major emulation projects last year, including Yuzu, Citra, and Ryujinx.

Social Networks

TikTok Users Flock To Chinese Social App Xiaohongshu (apnews.com) 153

hackingbear shares a report from the Associated Press: As the threat of a TikTok ban looms, U.S. TikTok users are flocking to the Chinese social media app Xiaohongshu -- making it the top downloaded app in the U.S. Xiaohongshu, which in English means "Little Red Book," is a Chinese social media app that combines e-commerce, short video and posting functions, enticing mostly Chinese young women from mainland China and regions with a Chinese diaspora such as Malaysia and Taiwan who use it as a de-facto search engine for product, travel and restaurant recommendations, as well as makeup and skincare tutorials. After the justices seemed inclined to let the law stand, masses of TikTok users began creating accounts on Xiaohongshu, including hashtags such as #tiktokrefugee or #tiktok to their posts.

"I like your makeup," a Xiaohongshu user from Beijing comments on one of the posts by Alexis Garman, a 21-year-old TikTok user in Oklahoma with nearly 20,000 followers, and Garman thanks them in a reply. A user from the southwestern province of Sichuan commented "I am your Chinese spy please surrender your personal information or the photographs of your cat (or dog)." "TikTok possibly getting banned doesn't just take away an app, it takes away jobs, friends and community," Garman said. "Personally, the friends and bond I have with my followers will now be gone." Xiaohongshu doesn't even have an English user interface.

Reuters reports: In only two days, more than 700,000 new users joined Xiaohongshu, a person close to the company told Reuters. Xiaohongshu [which was founded in 2013 and is backed by investors such as Alibaba, Tencent and Sequoia], did not immediately respond to a request for comment. U.S. downloads of RedNote were up more than 200% year-over-year this week, and 194% from the week prior, according to estimates from app data research firm Sensor Tower. The second most-popular free app on Apple's App Store list on Tuesday, Lemon8, another social media app owned by ByteDance, experienced a similar surge last month, with downloads jumping by 190% in December to about 3.4 million.

Transportation

Texas Sues Allstate For Collecting Driver Data To Raise Premiums (gizmodo.com) 62

An anonymous reader quotes a report from Gizmodo: Texas has sued (PDF) one of the nation's largest car insurance providers alleging that it violated the state's privacy laws by surreptitiously collecting detailed location data on millions of drivers and using that information to justify raising insurance premiums. The state's attorney general, Ken Paxton, said the lawsuit against Allstate and its subsidiary Arity is the first enforcement action ever filed by a state attorney general to enforce a data privacy law. It also follows a deceptive business practice lawsuit he filed against General Motors accusing the car manufacturer of misleading customers by collecting and selling driver data.

In 2015, Allstate developed the Arity Driving Engine software development kit (SDK), a package of code that the company allegedly paid mobile app developers to install in their products in order to collect a variety of sensitive data from consumers' phones. The SDK gathered phone geolocation data, accelerometer, and gyroscopic data, details about where phone owners started and ended their trips, and information about "driving behavior," such as whether phone owners appeared to be speeding or driving while distracted, according to the lawsuit. The apps that installed the SDK included GasBuddy, Fuel Rewards, and Life360, a popular family monitoring app, according to the lawsuit.

Paxton's complaint said that Allstate and Arity used the data collected by its SDK to develop and sell products to other insurers like Drivesight, an algorithmic model that assigned a driving risk score to individuals, and ArityIQ, which allowed other insurers to "[a]ccess actual driving behavior collected from mobile phones and connected vehicles to use at time of quote to more precisely price nearly any driver." Allstate and Arity marketed the products as providing "driver behavior" data but because the information was collected via mobile phones the companies had no way of determining whether the owner was actually driving, according to the lawsuit. "For example, if a person was a passenger in a bus, a taxi, or in a friend's car, and that vehicle's driver sped, hard braked, or made a sharp turn, Defendants would conclude that the passenger, not the actual driver, engaged in 'bad' driving behavior," the suit states. Neither Allstate and Arity nor the app developers properly informed customers in their privacy policies about what data the SDK was collecting or how it would be used, according to the lawsuit.

The lawsuit alleges that the companies violated Texas' Data Privacy and Security Act (DPSA) and insurance code by failing to address violations within the required 30-day cure period. "In its complaint, filed in federal court, Texas requested that Allstate be ordered to pay a penalty of $7,500 per violation of the state's data privacy law and $10,000 per violation of the state's insurance code, which would likely amount to millions of dollars given the number of consumers allegedly affected," adds the report.

"The lawsuit also asks the court to make Allstate delete all the data it obtained through actions that allegedly violated the privacy law and to make full restitution to customers harmed by the companies' actions."

Earth

Supreme Court Allows Hawaii To Sue Oil Companies Over Climate Change Effects (cbsnews.com) 75

An anonymous reader quotes a report from CBS News: The Supreme Court on Monday said it will not consider whether to quash lawsuits brought by Honolulu seeking billions of dollars from oil and gas companies for the damage caused by the effects of climate change, clearing the way for the cases to move forward. The legal battle pursued in Hawaii state court is similar to others filed against the nation's largest energy companies by state and local governments in their courts. The suits claim that the oil and gas industry engaged in a deceptive campaign and misled the public about the dangers of their fossil fuel products and the environmental impacts.

A group of 15 energy companies asked the Supreme Court to review a decision from the Hawaii Supreme Court that allowed a lawsuit brought by the city and county of Honolulu, as well as its Board of Water Supply, to proceed. The suit was brought in Hawaii state court in March 2020, and Honolulu raised (PDF) several claims under state law, including creating a public nuisance and failure to warn the public of the risks posed by their fossil fuel products. The city accused the oil and gas industry of contributing to global climate change, leading to flooding, erosion and more frequent and intense extreme weather events. These changes, they said, have led to property damage and a drop in tax revenue as a result of less tourism.

The energy companies unsuccessfully sought to have the case moved to federal court, arguing that the claims raised by Honolulu under state law were overridden by federal law and the Clean Air Act. A state trial court denied their efforts to dismiss the case. The oil and gas industry has argued that greenhouse-gas emissions "flow from billions of daily choices, over more than a century, by governments, companies and individuals about what types of fuels to use, and how to use them." Honolulu, the companies said, was seeking damages for the "cumulative effect of worldwide emissions leading to global climate change." The Hawaii Supreme Court ultimately allowed (PDF) the lawsuit to proceed. The state's highest court determined that the Clean Air Act displaced federal common law governing suits seeking damages for interstate pollution. It also rejected the oil companies' argument that Honolulu was seeking to regulate emissions through its lawsuit, finding that the city instead wanted to challenge the promotion and sale of fossil fuel products "without warning and abetted by a sophisticated disinformation campaign."

"Plaintiffs' state tort law claims do not seek to regulate emissions, and there is thus no 'actual conflict' between Hawaii tort law and the [Clean Air Act]," the Hawaii Supreme Court ruled. "These claims potentially regulate marketing conduct while the CAA regulates pollution." The oil companies asked the U.S. Supreme Court to review the ruling from the Hawaii high court and urged it to stop Honolulu's lawsuit from going forward. Regulation of interstate pollution is a federal area governed by federal law, lawyers for the energy industry argued. [...] The Supreme Court in June asked the Biden administration to weigh in on the cases and whether it should step into the dispute. In a filing submitted to the Supreme Court before the transfer of presidential power, the Biden administration urged the justices to turn away the appeals, in part because it said it is too soon for them to intervene.

The Internet

New York Starts Enforcing $15 Broadband Law That ISPs Tried To Kill (arstechnica.com) 32

Ars Technica's Jon Brodkin reports: The New York law requiring Internet providers to offer cheap plans to people with low incomes will take effect on Wednesday this week following a multi-year court battle in which the state defeated broadband industry lobby groups. A US appeals court upheld the law in April 2024, reversing the ruling of a district judge who blocked it in 2021. The Supreme Court last month decided not to hear the broadband industry's challenge, leaving the appeals court ruling in place. The state law requires Internet providers to offer $15- or $20-per-month service to people with low incomes.

As we've written, the battle between New York and ISPs was an important test case for how states can regulate broadband providers when the Federal Communications Commission isn't doing so. The Biden-era FCC's attempt to reinstate net neutrality rules and regulate broadband providers as common carriers was blocked in court, but ISPs lost the fight against the New York affordability law and an earlier fight against California's net neutrality law.

New York-based ISPs can comply by offering $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The price must include "any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees." Price increases are to be capped at 2 percent per year, and state officials will periodically review whether minimum required speeds should be raised. New York Public Service Commission Chair Rory Christian last week issued an order stating that the law will take effect on January 15.
"On December 16, 2024, the United States Supreme Court denied the Plaintiff's request for further review," the order said. "As part of the litigation, the [New York attorney general] agreed not to enforce the ABA [Affordable Broadband Act] until 30 days after the date when the US Supreme Court decided the writ of Certiorari. Thus, the ABA will once again take effect and may be enforced in New York on January 15, 2025." The order said it plans to implement the law quickly because of "developments at the federal level impacting the affordability of broadband service."

ISPs can receive one-month exemptions by filing paperwork by Wednesday confirming they meet the subscriber threshold, notes Ars. To secure longer-term exemptions, ISPs must submit detailed financial information by February 15.

Google

Google Wants to Track Your Digital Fingerprints Again (mashable.com) 54

Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."

The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."

But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."

Thanks to long-time Slashdot reader sinij for sharing the news.

United States

Should In-Game Currency Receive Federal Government Banking Protections? (yahoo.com) 91

Friday America's consumer watchdog agency "proposed a rule to give virtual video game currencies protections similar to those of real-world bank accounts..." reports the Washington Post, "so players can receive refunds or compensation for unauthorized transactions, similar to how banks are required to respond to claims of fraudulent activity." The Consumer Financial Protection Bureau is seeking public input on a rule interpretation to clarify which rights are protected and available to video game consumers under the Electronic Fund Transfer Act. It would hold video game companies subject to violations of federal consumer financial law if they fail to address financial issues reported by customers. The public comment period lasts from Friday through March 31. In particular, the independent federal agency wants to hear from gamers about the types of transactions they make, any issues with in-game currencies, and stories about how companies helped or denied help.

The effort is in response to complaints to the bureau and the Federal Trade Commission about unauthorized transactions, scams, hacking attempts and account theft, outlined in an April bureau report that covered banking in video games and virtual worlds. The complaints said consumers "received limited recourse from gaming companies." Companies may ban or lock accounts or shut down a service, according to the report, but they don't generally guarantee refunds to people who lost property... The April report says the bureau and FTC received numerous complaints from players who contacted their banks regarding unauthorized charges on Roblox. "These complaints note that while they received refunds through their financial institutions, Roblox then terminated or locked their account," the report says.

Youtube

CES 'Worst In Show' Devices Mocked In IFixit Video - While YouTube Inserts Ads For Them (worstinshowces.com) 55

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices. Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

AI

Foreign Cybercriminals Bypassed Microsoft's AI Guardrails, Lawsuit Alleges (arstechnica.com) 3

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content."

Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content."

The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored...

The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.
